Yuki Chen is a core member of the 360Vulcan Team from the 360 Safeguard offensive and defensive research group. He disclosed the details of the 2 vulnerabilities their team used to take down 64-bit IE in Pwn2Own 2015.

Charlie Miller is a security engineer at Uber, while Chris Valasek is Security Lead at Uber Advanced Technology Centre. They showed how to pivot through different pieces of the vehicle's hardware in order to be able to send messages on the CAN bus to critical electronic control units. PDF

Zhenhua 'Eric' Liu is the Principal Security Researcher at the Istuary Security Research Team, and Yannick Formaggio is a passionate French IT security researcher on the same team. They presented the tool they developed for VxWorks assessment and one of the vulnerabilities they found, which nicely bypasses some mitigations. PDF

Jianhao Liu is the main contributor who discovered the Tesla and BYD vulnerabilities in 2014 and 2015, and Jason has more than 10 years of experience in operations. They shared their research on vehicle attack vectors. PDF

Edgar Barbosa is a senior security researcher with more than 10 years of experience, specialized in reverse engineering, kernel programming, rootkits, virtualization and program analysis. This presentation focused on tools for program analysis. PDF

Hack Your Car and I’ll Drive You Crazy: the Design of Hack-proof CAN-based Automotive System

Pk001 has years of experience in reverse engineering embedded automotive networks and systems. Dr. Yan is the CEO of VisualThreat, a leading mobile security vendor. In this talk, Pk001 and Dr. Yan showed how to build a testing platform from either a real car or a simulator, how the data transmitted on the CAN bus among ECUs is monitored, and how to defend against each type of attack. PDF

Edgar Barbosa works as a senior security researcher at COSEINC, and he is an expert in kernel development, rootkit research, reverse engineering, hardware virtualization and program analysis. The presentation showed how to use constraint solvers, including SMT solvers, for program analysis applications such as reverse engineering and bug finding, and explained the details of translating x86 assembly code to intermediate languages and then to SMT formulas. PDF

Both windknown and dm557 are from the Pangu Team. windknown is currently working on security research and app development for OSX/iOS. dm557 is a security researcher focusing on advanced vulnerability exploitation research. In this talk they mainly discussed the vulnerabilities they found and used in the Pangu untethered jailbreak.

Jon Erickson is an engineer within the research lab at iSIGHT Partners. This research first focuses on analyzing in-memory patches. By extracting information from them, researchers are able to better understand the vulnerabilities that Microsoft intended to patch. The research then focuses on reverse engineering the patches and using this information to create patches which can be used to maintain persistence on a system. PDF

Nguyen Anh Quynh is the main designer of the Capstone disassembly engine. This talk presented the internals and design theory of Capstone, which allow Capstone to fully support 8 hardware architectures in record time. He also explained why these design decisions ensure that Capstone will get bugs fixed frequently and quickly, and will always be kept updated in the future. PDF

Rosario Valotta is an IT security professional with over 13 years of experience. He has been actively finding vulnerabilities and writing exploits. In this talk he gave an overview of common memory corruption bugs and of current browser fuzzing techniques and their limitations. Finally, he introduced a novel fuzzing algorithm targeting some specific browser aspects, explained the rationale behind it, and discussed a number of exploitable memory corruption bugs uncovered using this approach. PDF

Łukasz Pilorz is devoted to web security analysis. Paweł is a penetration tester and a bug hunter. They discussed how iOS third-party web browsers are built. PDF

10:40 - 10:50

Coffee Break

10:50 - 11:40

The Grugq / Click and Dagger: Denial and Deception on Android Smartphones PDF

The Grugq is a pioneering information security researcher with over a decade of professional experience. He has worked extensively with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security. His presentation covered techniques used to secure the phone against forensic analysis when the adversary has physical possession of the device. PDF

11:40 - 13:00

Lunch

13:00 - 14:00

Badge Cracking Final

14:00 - 14:50

pLL / Be cautious, there is an attack window in your android app

As a PhD student at Shanghai Jiao Tong University, pLL focuses on program analysis theory and algorithms. In this talk, he analyzed the principle of this vulnerability and its attack model, and showed a static data flow analysis tool, aDFAer, a dynamic message interceptor and an elaborately designed re-player to prove the findings.

Joxean Koret is an expert in malware analysis and anti-malware software development. In this talk, he explained how to find vulnerabilities in AV products and showed typical problems in AV products. PDF

24.09.2013

Jason Shirk / Social Networking, Mobile Phones, The Cloud and Privacy – The New Reality of Digital, Physical and Social Persona PDF

Jason Shirk is currently the Security Lead for Microsoft's Online Services Division. The new services are real-time and location-specific, and can/will have tremendous value. He talked about several tools, including some vocabulary. PDF

Stefan Esser is best known in the security community as the PHP security guy. In 2010 he did his own ASLR implementation for Apple's iOS and shifted his focus to the security of the iOS kernel and iPhones in general. One of the disclosed kernel information leak vulnerabilities and its exploitation were outlined, and security-relevant changes in iOS 7 were discussed. PDF

The author works at Nanjing Hanhaiyuan as a security researcher. He introduced the security model of Windows 7, including User Account Protection, Mandatory Integrity Control and UI Privilege Isolation, as well as some techniques that can be used to bypass UAC, and also discussed security vulnerabilities caused by UAC which involve Microsoft and third-party companies like Google. PDF

Yuki Chen has 5+ years of experience in information security. He introduced an easy and reliable way to exploit Java native vulnerabilities. With this method one can easily turn a Java native vulnerability PoC into a working exploit on Windows 7 with JRE 7 in one minute. PDF

Peter Hlavaty has recently reached his fourth year at ESET, where he works as a software engineer. He examined how much additional safety these changes, such as SafeLink checks and block header encoding and decoding, really provide, and also presented a new exploitation technique. PDF

Paul Craig leads the Security-Assessment.com penetration testing team in Singapore. He demonstrated how large organisations within Asia are failing at security, despite their best attempts to be secure. From Hong Kong to Taiwan, Korea, Mainland China and Singapore, regulations, culture and business style are decreasing the security bar and lowering the security standard of the east. PDF

Wang Yu currently works at Qihoo 360 as a security researcher. The author analyzed the implementation of NtVdm in user mode and kernel mode, described the working principle of the DOS virtual machine engine, explained the causes of those vulnerabilities, and discussed the lessons we can learn from them. PDF

11:20 - 11:30

Coffee Break

11:30 - 12:20

Jonathan Brossard / An introduction to the Katsuni Theorem and its application to sandboxing and software emulation PDF

Jonathan is a freelance security researcher performing binary audits for Fortune 500 companies. This presentation highlighted some of the limits of sandboxing technologies by exploring how they can not merely be bypassed, but really subverted to turn client-side exploits and hostile binaries into network-wide compromise. PDF

pLL is a PhD student in the computer department at Shanghai Jiao Tong University. windknown is currently working on security research and development of OSX/iOS applications. They showed how to reveal the real purpose of a reflection invocation based on the aDFAer engine. PDF

Pedro is an economist who loves to hack and reverse all kinds of things. This presentation discussed techniques already presented this year and some other tips and tricks to solve some questions left open. PDF

Dr Bradley Schatz divides his time between research and practice in the area of digital forensics. This lecture provided a detailed introduction to forensic acquisition and analysis of Android devices, with a focus primarily on interpretation of the YAFFS2 filesystem. PDF

13.12.2012

Tom Gallagher / Security Engineering And Product Improvements In The New Office PDF

Tom Gallagher is currently the lead of the Microsoft Office Security Test team. This presentation introduced the improvements the Office Security Team made behind the scenes, including increasing fuzzing speed and reliability, as well as how to cover Office features in depth to defend against attacks. PDF

Moti Joseph has been involved in computer security. In the last few years he has been working on reverse engineering exploit code and developing security products. This presentation introduced tools and scripts that one can use to do memory corruption analysis in Microsoft Internet Explorer, i.e. going from crash to exploit via use-after-free memory corruption. PDF

Kevin Stadmeyer is a technical program manager at Google, where he helps run the vulnerability reward program. The presentation covered the review process of the reward program, but the main focus was on the types and amounts of awards and the funny stories that happened along the way. PDF

Ben Nagy is a security researcher with COSEINC. He has been working on the guts of the Word 2007 binary format and integrating the results into Metafuzz, his Ruby-based fuzzing framework. His talk covered how to maximize fuzzing performance and apply it to defect mining in the Windows kernel. What can we fuzz? How do we deploy? How do we deliver the tests? How do we assess the effect of fuzzing? PDF

Neyolov Evgeny, a security analyst in the ERPScan & DSecRG team, researches enterprise business application security, computer forensics, and the investigation of online-gambling and e-payment fraud activity. He is also the organizer of the ZeroNights hacking conference and the Russian Defcon Group. This research is a deep analysis of professional fraudster activity in online casino, poker, betting and various e-payment systems. PDF

14.12.2012

CHROOT security research group member Dark Luo and Trend Micro advanced threat research team manager Sung-ting Tsai introduced how to reverse iOS apps and become a super game player with those tricks. They also introduced several ways to bypass IAP (in-app purchase). PDF

Huan Ren worked on the design and development of the Chrome browser since 2006, and led the development effort in multiple modules of the Windows and Android versions of Chrome. He is technical director at Qihoo 360 and responsible for the development of the 360 browsers. He shared the design principles and evolution of Chrome's security mechanisms, and evaluated their effectiveness. PDF

Dr. Yan was employed as Security Architect at top leading security companies and has more than 12 years in the security research field. Dr. Yan talked about DroidRide, an engine for large-scale, cross-family Android malware analysis. Their testing showed that the engine can detect malware samples efficiently with malware correlation signatures at inline speed. PDF

Wang Yu, who is engaged in cloud security solution research, rootkit/anti-rootkit and vulnerability discovery, currently works at Qihoo 360 as a security researcher. He mainly introduced the design of the Font Scaler engine, and the security impact of implementing the engine in Windows kernel mode. PDF

dm557 from McAfee Labs and independent researcher windknown introduced basic knowledge of the iOS kernel and a summary of known bugs used in jailbreaks, and showed how to write a fuzzer based on hooking techniques and the process of analyzing a real kernel bug. PDF

Haifei Li makes great efforts to resolve two problems: how to find vulnerabilities and how to exploit them. He previously worked for Fortinet and Microsoft. This presentation aimed to share his personal experience and discuss the evolution of Flash Player security as well as future opportunities. PDF